A year or two ago, Splunk’s focus was on the collection of operational data, with network and systems administrators being the core of their customer base. But Monzy Merza, Splunk’s chief security evangelist, has seen the market shift markedly in a short time.
“About a third of the business is now a security business. Our growth rate is accelerating,” he says.
Merza says the market’s use of Splunk is evolving, paralleling the company’s original growth. When they first came to market they were purely focussed on log searching. But they evolved into a log management platform, ultimately morphing into a forensic investigative tool for IT operations.
“It wasn’t until 2012-2013 that we were placed in the Gartner Magic Quadrant as a SIEM (security information and event management) tool because one of the Splunk partners built a security tool or app that ran on top of the Splunk platform”.
Security analytics is becoming a massively important part of enterprise security strategy, and this has expanded Splunk’s focus.
“What’s driving that is all the analytics. It’s a big data problem. It’s no longer confined to inside the perimeter. It’s about what’s happening in the cloud, hybrid deployment models. There’s a growing concern around letting the machine do more things and wanting the human analysts to apply context and human intelligence,” Merza explains.
One of the advantages of Splunk, says Merza, is that data is never lost. Splunk retains all of the data it receives without alteration. This is critical in investigating security incidents and is a reason they are able to increase their share of the SIEM market.
The development of new products by Splunk has traditionally been driven by responding to requirements raised by customers. Merza told us the same would be true of the company’s next push into the security market with products that will potentially automate threat response.
For example, Splunk recently partnered with Palo Alto Networks.
“What we did with Splunk was automatically create an alert. That alert sent a signal out to Palo Alto Networks”, says Merza.
This change is good news for channel partners. Not only does it provide them with opportunities to apply their existing expertise in Splunk’s products to new applications but it can broaden their reach to new customers.
It also provides Splunk with many opportunities, such as their partnerships with Cisco and CrowdStrike, where Splunk’s software is used 'under the hood', according to Merza.
One of the big pushes, says Merza, is the further development of Splunk’s partner ecosystem that sees them working with many other companies to develop complete security solutions.